hxxps://aka[.]ms/LearnAboutSenderIdentification

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/LearnAboutSenderIdentification

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
2364	msedge.exe
2364	msedge.exe
3640	identity_helper.exe
3640	identity_helper.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3220	2364	msedge.exe	43
PID 2364 wrote to memory of 3220	2364	msedge.exe	43
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1768	2364	msedge.exe	85
PID 2364 wrote to memory of 1184	2364	msedge.exe	84
PID 2364 wrote to memory of 1184	2364	msedge.exe	84
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86
PID 2364 wrote to memory of 4860	2364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/LearnAboutSenderIdentification
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff940c246f8,0x7ff940c24708,0x7ff940c24718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10433488882063753355,3512633695694995888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
3d302cd0799963cc5c2181c35627da0f

SHA1
df649a133c094ba47f655658882a89580e644a86

SHA256
aa349f48486353455df7fd7a9839e52b3368548e1eb054ffaec22593c1c15e7f

SHA512
f58aa096fab44a1d9aa9a65e3b78d1de1c87394642159b868427ddc80a1f394d5407952dbf1227d7b1d34030c73d633f7fb79f1cead7387010211db2838f39b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
65a16f6d709966bba1f64aeeef0051d1

SHA1
0d236fe7f2744f010927463a078427f15f1326d2

SHA256
d3be7f669b60864b90424951c5074d07f6b199106cfd83f4cf63a360a3e330d8

SHA512
7cc2debe5f889889801312524be7cb4f7029295ffa55ef1764dade456ea531eb973a3e9961e8b2a682f378948ed61fe75e7f71201b1d06908da1d56eedf084f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88af396a39bf1c3605101c4b6f8e8afe

SHA1
3204e855368e69dcaac37789ee4b332c2dc85e89

SHA256
6aa712c5b2c63f859044a103bbbb0dea55ba8148e300dcb946e59caee76e41b8

SHA512
2aecd3a904b5258b8710da4f9dcbde9b4f86d6b3292bff14fb35c9df98a7d706ec9866afcf0b1871d9c26939ee9551ea3de4de2dd4e3f7ad43e3505a6cfc11a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95f329f3b44e680bab3fd2beae5930bc

SHA1
8cf9efb3c9c0928e4020b70b2af23f6365425c9e

SHA256
f0bf1f957f2fcc60f6e2ae029c8aba766962011a3dc93f967788b414e72c213e

SHA512
65ddf5a8fecf9563a1c68520bd551cbbedf1e35e3216a8891f02799f28a447b606faba65501e2382d63b0d0ebca41a3d203fb00ce36cfc6b970bb176e8dd51b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ce9771a8c87314cfd993710042c9f6b

SHA1
e6bc10e2f3b241419c9504d4368f5b72fe8aaa37

SHA256
0ef7d4176c7128f8e8a9c7bbf42447b2555621d70c7f57d59364cc5b4475b021

SHA512
5a1e4c98fc2eb30ddc686e290872777eb24c3cb33c3357a01e93dbfed678ebf74cfd197348cded03f940642d1dbb475fd833339bed1452d4cf9b955c70a18e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8eb.TMP

Filesize
1KB

MD5
16a9e88b8028aab6cd17943c7333b802

SHA1
09c5e83e29f102b117df033bc1f81f4b89e3fba3

SHA256
9abeabc2895c313ef1ed181e16ff9ad93607ea12f94ef13f65b49fa59ce68128

SHA512
286cffcb7a307b6ef9baf75adfc68438efa7302d3df5cede7b07810f27fe390fb6cfe44e1395903ba665d08d62f0052362ebdcfad17a802563baaeb118c430c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e318f973b95f27f8e3e79609851eb0f

SHA1
f6aa02837cc7f146d62b74f0e259a3e1b799b985

SHA256
d91f0b0d1c7ff2a0906fd35a63c7540cdf9fc2b9e6f235b9d09b998d79e16cdf

SHA512
22ece9994bcb3f74fb74afaf460da34bfd1a52596e1f1444cdd29b08472000304c807e7156b3fe0813a423e14da48fb1cf123acdd57a574f471f38ec6693a611

Download Submit